1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_CALLBACK_CERT) || defined(HITLS_TLS_FEATURE_PROVIDER)
17 #include <stdio.h>
18 #include <string.h>
19 #include "crypt_types.h"
20 #include "bsl_err_internal.h"
21 #include "crypt_errno.h"
22 #include "hitls_error.h"
23 #include "hitls_type.h"
24 #include "hitls_cert_type.h"
25 #include "hitls_crypt_type.h"
26 #include "crypt_algid.h"
27 #include "crypt_eal_pkey.h"
28 #include "bsl_params.h"
29 #include "crypt_params_key.h"
30 #include "hitls_pki_cert.h"
31
SetPkeySignParam(CRYPT_EAL_PkeyCtx * ctx,HITLS_SignAlgo signAlgo,int32_t mdAlgId)32 static int32_t SetPkeySignParam(CRYPT_EAL_PkeyCtx *ctx, HITLS_SignAlgo signAlgo, int32_t mdAlgId)
33 {
34 if (signAlgo == HITLS_SIGN_RSA_PKCS1_V15) {
35 int32_t pad = mdAlgId;
36 return CRYPT_EAL_PkeyCtrl(ctx, CRYPT_CTRL_SET_RSA_EMSA_PKCSV15, &pad, sizeof(pad));
37 } else if (signAlgo == HITLS_SIGN_RSA_PSS) {
38 int32_t saltLen = CRYPT_RSA_SALTLEN_TYPE_HASHLEN;
39 BSL_Param pssParam[4] = {
40 {CRYPT_PARAM_RSA_MD_ID, BSL_PARAM_TYPE_INT32, &mdAlgId, sizeof(mdAlgId), 0},
41 {CRYPT_PARAM_RSA_MGF1_ID, BSL_PARAM_TYPE_INT32, &mdAlgId, sizeof(mdAlgId), 0},
42 {CRYPT_PARAM_RSA_SALTLEN, BSL_PARAM_TYPE_INT32, &saltLen, sizeof(saltLen), 0},
43 BSL_PARAM_END};
44 return CRYPT_EAL_PkeyCtrl(ctx, CRYPT_CTRL_SET_RSA_EMSA_PSS, pssParam, 0);
45 } else if (signAlgo == HITLS_SIGN_SM2) {
46 /* The default user id as specified in GM/T 0009-2012 */
47 char sm2DefaultUserid[] = "1234567812345678";
48 return CRYPT_EAL_PkeyCtrl(ctx, CRYPT_CTRL_SET_SM2_USER_ID, sm2DefaultUserid, strlen(sm2DefaultUserid));
49 }
50
51 return HITLS_SUCCESS;
52 }
53
HITLS_X509_Adapt_CreateSign(HITLS_Ctx * ctx,HITLS_CERT_Key * key,HITLS_SignAlgo signAlgo,HITLS_HashAlgo hashAlgo,const uint8_t * data,uint32_t dataLen,uint8_t * sign,uint32_t * signLen)54 int32_t HITLS_X509_Adapt_CreateSign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, HITLS_SignAlgo signAlgo,
55 HITLS_HashAlgo hashAlgo, const uint8_t *data, uint32_t dataLen, uint8_t *sign, uint32_t *signLen)
56 {
57 (void)ctx;
58 if (SetPkeySignParam(key, signAlgo, hashAlgo) != HITLS_SUCCESS) {
59 return HITLS_CERT_SELF_ADAPT_ERR;
60 }
61 return CRYPT_EAL_PkeySign(key, (CRYPT_MD_AlgId)hashAlgo, data, dataLen, sign, signLen);
62 }
63
HITLS_X509_Adapt_VerifySign(HITLS_Ctx * ctx,HITLS_CERT_Key * key,HITLS_SignAlgo signAlgo,HITLS_HashAlgo hashAlgo,const uint8_t * data,uint32_t dataLen,const uint8_t * sign,uint32_t signLen)64 int32_t HITLS_X509_Adapt_VerifySign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, HITLS_SignAlgo signAlgo,
65 HITLS_HashAlgo hashAlgo, const uint8_t *data, uint32_t dataLen, const uint8_t *sign, uint32_t signLen)
66 {
67 (void)ctx;
68 if (SetPkeySignParam(key, signAlgo, hashAlgo) != HITLS_SUCCESS) {
69 return HITLS_CERT_SELF_ADAPT_ERR;
70 }
71 return CRYPT_EAL_PkeyVerify(key, (CRYPT_MD_AlgId)hashAlgo, data, dataLen, sign, signLen);
72 }
73
74 #if defined(HITLS_TLS_SUITE_KX_RSA) || defined(HITLS_TLS_PROTO_TLCP11)
CertSetRsaEncryptionScheme(CRYPT_EAL_PkeyCtx * ctx)75 static int32_t CertSetRsaEncryptionScheme(CRYPT_EAL_PkeyCtx *ctx)
76 {
77 int32_t pad = CRYPT_MD_SHA256;
78 return CRYPT_EAL_PkeyCtrl(ctx, CRYPT_CTRL_SET_RSA_RSAES_PKCSV15, &pad, sizeof(pad));
79 }
80
81 /* only support rsa pkcs1.5 */
HITLS_X509_Adapt_Encrypt(HITLS_Ctx * ctx,HITLS_CERT_Key * key,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)82 int32_t HITLS_X509_Adapt_Encrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,
83 uint8_t *out, uint32_t *outLen)
84 {
85 (void)ctx;
86 if (CRYPT_EAL_PkeyGetId(key) == CRYPT_PKEY_RSA && CertSetRsaEncryptionScheme(key) != HITLS_SUCCESS) {
87 return HITLS_CERT_SELF_ADAPT_ERR;
88 }
89
90 return CRYPT_EAL_PkeyEncrypt(key, in, inLen, out, outLen);
91 }
92
93
HITLS_X509_Adapt_Decrypt(HITLS_Ctx * ctx,HITLS_CERT_Key * key,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)94 int32_t HITLS_X509_Adapt_Decrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,
95 uint8_t *out, uint32_t *outLen)
96 {
97 (void)ctx;
98 if (CRYPT_EAL_PkeyGetId(key) == CRYPT_PKEY_RSA && CertSetRsaEncryptionScheme(key) != HITLS_SUCCESS) {
99 return HITLS_CERT_SELF_ADAPT_ERR;
100 }
101
102 return CRYPT_EAL_PkeyDecrypt(key, in, inLen, out, outLen);
103 }
104 #endif
105
HITLS_X509_Adapt_CheckPrivateKey(const HITLS_Config * config,HITLS_CERT_X509 * cert,HITLS_CERT_Key * key)106 int32_t HITLS_X509_Adapt_CheckPrivateKey(const HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key)
107 {
108 (void)config;
109 CRYPT_EAL_PkeyCtx *ealPubKey = NULL;
110 CRYPT_EAL_PkeyCtx *ealPrivKey = (CRYPT_EAL_PkeyCtx *)key;
111 int32_t ret = HITLS_X509_CertCtrl(cert, HITLS_X509_GET_PUBKEY, &ealPubKey, 0);
112 if (ret != HITLS_SUCCESS) {
113 BSL_ERR_PUSH_ERROR(ret);
114 return ret;
115 }
116
117 ret = CRYPT_EAL_PkeyPairCheck(ealPubKey, ealPrivKey);
118 CRYPT_EAL_PkeyFreeCtx(ealPubKey);
119 if (ret != CRYPT_SUCCESS) {
120 BSL_ERR_PUSH_ERROR(ret);
121 }
122 return ret;
123 }
124 #endif /* defined(HITLS_TLS_CALLBACK_CERT) || defined(HITLS_TLS_FEATURE_PROVIDER) */
125